https://bugzilla.novell.com/show_bug.cgi?id=339073#c1 Ludwig Nussel changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|Critical |Normal Status|NEW |RESOLVED Resolution| |INVALID --- Comment #1 from Ludwig Nussel 2007-11-05 05:29:29 MST --- A restricted shell doesn't make sense without a restricted PATH. That was a problem in previous default configurations. So you need to put a symlink to all commands you want to allow to /usr/lib/restricted/bin yourself now. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=339073 Ludwig Nussel changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|security-team@suse.de |yast2-maintainers@suse.de Status|REOPENED |NEW Component|Security |YaST2 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=339073#c5 Ludwig Nussel changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |security-team@suse.de, werner@novell.com, | |ro@novell.com Status|NEEDINFO |NEW Info Provider|lnussel@novell.com | Summary|restricted shell rbash usage is broken in 10.3 |rbash not in /etc/shells --- Comment #5 from Ludwig Nussel 2007-11-06 01:16:39 MST --- I don't know. I can't really judge whether it would be a good idea to add it either. Not having rbash in /etC/shells means that - a user cannot use chsh to set the login shell to rbash which means he cannot accidently lock himself into a restricted environment - pam_shells will refuse authentication ie a user with rbash cannot authenticate with pure-ftpd or vsftpd. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=339073#c7 Dr. Werner Fink changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|werner@novell.com |jsuchome@novell.com Severity|Normal |Minor --- Comment #7 from Dr. Werner Fink 2007-11-06 03:35:23 MST --- Please remember Jiří­: /suse/werner> rpm -qf /etc/shells aaa_base-10.3-90 /suse/werner> maintainer aaa_base ro@novell.com Beside this a restricted shell makes only sence with an restricted PATH otherwise the user of a restricted shell may escape by executing /bin/bash. It is on the system adiminstrator to add utilities like /bin/ls by setting the appropriate symbolic link to /usr/lib/restricted/bin . IMHO it is also the job of the system adiminstrator to use `useradd' with the option `-s /usr/bin/rbash' to add a restricted user. Nevertheless AFAICS the rbash *is* part of the /etc/shells: /suse/werner> grep rbash /etc/shells /usr/bin/rbash .. this is the same path as for the 10.2, if YaST does not find the rbash this is a bug of YaST. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=339073#c9 Dr. Werner Fink changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |223159 --- Comment #9 from Dr. Werner Fink 2007-11-06 04:38:04 MST --- This bug depends on bug #223159 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.